A Burp Suite extension that drives a content-discovery / fuzzing crawler from inside
Burp. It adds a Gobuster suite tab and a "send to crawler" context-menu action;
the heavy lifting (recursive crawling, wordlist fuzzing) runs in a companion server,
gocrawlerd, and results stream back into Burp in
real time over SSE.
Content discovery and fuzzing generate a lot of traffic against a target. Use this only against assets you own or are explicitly authorized to test (pentest engagement, bug bounty in-scope, CTF, lab). You are responsible for staying in scope and within the law.
gobuster/ffuf-style tools are great but live outside Burp: you lose Burp's session
handling, scoping, and the ability to throw an interesting response straight into Repeater.
This extension keeps the discovery loop inside Burp — pick a seed from the proxy history,
fuzz it, and the hits show up as real Burp HTTP messages you can pivot from — while
delegating the crawl engine to a small Go service so the JVM/UI stays responsive.
```mermaid
flowchart LR
  subgraph Burp["Burp Suite + this extension"]
    CTX["Context menu<br/>'send to crawler'"]
    TAB["Gobuster suite tab"]
    subgraph TAB
      CTRL["Controls<br/>seed URL · wordlist · depth · filters"]
      RES["Results table<br/>+ HTTP message viewer"]
    end
    CLIENT["CrawlerClient<br/>HTTP + SSE, X-Auth-Token"]
    CTX --> CTRL
    CTRL --> CLIENT
    CLIENT --> RES
  end
  CLIENT -->|"POST /jobs (seed, wordlist, depth, filters)"| GD
  GD -->|"GET /jobs/{id}/events (SSE: each hit)"| CLIENT
  subgraph GD["gocrawlerd — Go crawler/fuzzer service :7071"]
    Q["job queue"]
    CR["recursive crawler + wordlist fuzzer"]
    Q --> CR
  end
  CR -->|HTTP requests| TARGET[(Target web app)]
```

Requirements: Burp Suite (Community or Pro) with the Montoya API, JDK 17+ to build,
and a running gocrawlerd instance.

```bash
# Build the extension jar
./gradlew shadowJar
# -> build/libs/burp-gobuster-gui.jar
# In Burp: Extensions → Add → Java → select build/libs/burp-gobuster-gui.jar
```

Configure where the crawler lives and the auth token (both optional; defaults shown):

| Setting | JVM property | Env var | Default |
|---|---|---|---|
| Crawler base URL | -Dcrawler.base=... | — | http://127.0.0.1:7071 |
| Auth token | -Dcrawler.token=... | CRAWLER_TOKEN | (empty) |

Set JVM properties via Burp's launch options (-D...) or run Burp with CRAWLER_TOKEN in
the environment. The token is sent as X-Auth-Token on every request.
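
A pre-flight check for these settings, as an added example (not code from this extension). The class name `CrawlerConfigCheck`, the property-over-environment precedence and the warning policy are assumptions; the setting names and defaults are the ones in the table above.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical pre-flight check; not a class from this extension. */
public final class CrawlerConfigCheck {

    /** Returns findings for the resolved settings; an empty list means nothing to flag. */
    static List<String> check(String base, String token, boolean tokenFromJvmProperty) {
        URI uri;
        try {
            uri = URI.create(base);
        } catch (IllegalArgumentException e) {
            return List.of("crawler.base is not a valid URI: " + base);
        }
        String host = uri.getHost();
        boolean http = "http".equalsIgnoreCase(uri.getScheme());
        boolean https = "https".equalsIgnoreCase(uri.getScheme());
        if (host == null || !(http || https)) {
            return List.of("crawler.base must be an http(s) URL with a host: " + base);
        }
        List<String> findings = new ArrayList<>();
        if (token == null || token.isBlank()) {
            findings.add("token is empty: requests to " + host + " carry no credential");
            return findings;
        }
        if (http && !isLoopback(host)) {
            findings.add("X-Auth-Token would cross the network in cleartext to " + host);
        }
        if (tokenFromJvmProperty) {
            findings.add("-Dcrawler.token is visible in the JVM command line; prefer CRAWLER_TOKEN");
        }
        return findings;
    }

    /** Matches "localhost" and literal loopback addresses only; performs no DNS lookup. */
    static boolean isLoopback(String host) {
        return host.equalsIgnoreCase("localhost") || host.equals("[::1]")
                || host.matches("127(\\.\\d{1,3}){3}");
    }

    public static void main(String[] args) {
        // Defaults come from the settings table; property-over-env precedence is an assumption.
        String base = System.getProperty("crawler.base", "http://127.0.0.1:7071");
        String prop = System.getProperty("crawler.token");
        String token = prop != null ? prop : System.getenv().getOrDefault("CRAWLER_TOKEN", "");
        check(base, token, prop != null).forEach(f -> System.out.println("WARN " + f));
    }
}
```

Run it with the same `-D` options and environment you launch Burp with, for example `java -Dcrawler.base=... CrawlerConfigCheck.java`.
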
- Start gocrawlerd.
- Load the extension in Burp.
- Either right-click a request in the proxy history → send to crawler, or open the Gobuster tab and enter a seed URL.
- Pick a wordlist, recursion depth, and result filters; start the job.
- Hits stream into the results table as they're found; select one to view the full request/response and send it on to Repeater/Intruder.

```
src/main/java/com/example/gobuster/
├── GobusterExtension.java        # BurpExtension entrypoint: registers tab + context menu
├── net/CrawlerClient.java        # HTTP + SSE client for gocrawlerd (X-Auth-Token)
└── ui/
    ├── GobusterPanel.java        # the suite tab (controls + results)
    ├── ControlsPanel.java        # seed / wordlist / depth / filter inputs
    ├── ResultsPanel.java         # results table
    ├── HttpMessageViewerPanel.java, ResponseRenderer.java, FetchRow.java
    ├── FilterConfig.java, JsonUtil.java
    └── SendToCrawlerContext.java # "send to crawler" context-menu provider
build.gradle                      # Java 17 target, shadowJar -> burp-gobuster-gui.jar
```

Working extension (v0.3.x). Pairs with gocrawlerd; the Java package is currently
com.example.gobuster (placeholder) — fine for loading, would be renamed for a release.
- gocrawlerd: the crawler/fuzzer server this drives.

Part of my work — more at zz0r0.fr.